Download Dependable Software Systems: Understanding and Mitigating Risks - Prof. Spiros Mancoridis and more Study Guides, Projects, Research Computer Science in PDF only on Docsity! Dependable Software Systems (Risks) Dependable Software Systems Software Related Risks Material drawn from [Neumann] Courtesy Spiros Mancoridis “If anything can go wrong, it will (and at the worst possible moment).” - Murphy Dependable Software Systems (Risks) Sources of Problems • Requirements Definition: Erroneous, incomplete, inconsistent requirements. • Design: Fundamental design flaws in the software. • Implementation: Mistakes in chip fabrication, wiring, programming faults, malicious code. • Support Systems: Poor programming languages, faulty compilers and debuggers, misleading development tools. Dependable Software Systems (Risks) Adverse Effects of Faulty Software (Cont’d) • Transportation: Deaths, delays, sudden acceleration, inability to brake. • Safety-critical Applications: Death, injuries. • Electric Power: Death, injuries, power outages, long-term health hazards (radiation). Dependable Software Systems (Risks) Adverse Effects of Faulty Software (Cont’d) • Money Management: Fraud, violation of privacy, shutdown of stock exchanges and banks, negative interest rates. • Control of Elections: Wrong results (intentional or non-intentional). • Control of Jails: Technology-aided escape attempts and successes, accidental release of inmates, failures in software controlled locks. • Law Enforcement: False arrests and imprisonments. Dependable Software Systems (Risks) Bug in Space Code • Project Mercury’s FORTRAN code had the following fault: DO I=1.10 instead of ... DO I=1,10 • The fault was discovered in an analysis of why the software did not seem to generate results that were sufficiently accurate. • The erroneous 1.10 would cause the loop to be executed exactly once! Dependable Software Systems (Risks) Year Ambiguities (Cont’d) • Mr. Blodgett’s auto insurance rate tripled when he turned 101. • He was the computer program’s first driver over 100, and his age was interpreted as 1. • This is a double blunder because the program’s definition of a teenager is someone under 20! Dependable Software Systems (Risks) Dates, Times, and Integers • The number 32,768 = has caused all sorts of grief from the overflowing of 16-bit words. • A Washington D.C. hospital computer system collapsed on September 19, 1989, days after January 1, 1900, forcing a lengthy period of manual operation. 15 2 15 2 Dependable Software Systems (Risks) Dates, Times, and Integers (Cont’d) • COBOL uses a two-character date field … • The Linux term program, which allows simultaneous multiple sessions over a single modem dialup connection, died word wide on October 26, 1993. • The cause was the overflow of an int variable that should have been defined as an unsigned int. Dependable Software Systems (Risks) Therac-25 Radiation “Therapy” • In Texas, 1986, a man received between 16,500-25,000 rads in less than 1 sec, over an area of about 1 cm. • He lost his left arm, and died of complications 5 months later. • In Texas, 1986, a man received at least 4,000 rads in the right temporal lobe of his brain. • The patient eventually died as a result of the overdose. Dependable Software Systems (Risks) Therac-25 Radiation “Therapy” (Cont’d) • In Washington, 1987, a patient received 8,000-10,000 rads instead of the prescribed 86 rads. • The patient died of complications of the radiation overdose. Dependable Software Systems (Risks) AT&T Bug: Hello? ... Hello? • In mid-December 1989, AT&T installed new software in 114 electronic switching systems. • On January 15, 1990, 5 million calls were blocked during a 9 hour period nationwide. Dependable Software Systems (Risks) Bank Generosity (Cont’d) • A software flaw caused a UK bank to duplicate every transfer payment request for half an hour. The bank lost 2 billion British pounds! • The bank eventually recovered the funds but lost half a million pounds in potential interest. Dependable Software Systems (Risks) Making Rupee! • An Australian man purchased $104,500 worth of Sri Lankan Rupees. • The next day he sold the Rupees to another bank for $440,258. • The first bank’s software had displayed a bogus exchange rate in the Rupee position! • A judge ruled that the man had acted without intended fraud and could keep the extra $335,758! Dependable Software Systems (Risks) Bug in BoNY Software • The Bank of New York (BoNY) had a $32 billion overdraft as the result of a 16-bit integer counter that went unchecked. • BoNY was unable to process the incoming credits from security transfers, while the NY Federal Reserve automatically debited BoNY’s cash account.